---
# OpenVpn basic configuration

- name: Install needed package
  package: name={{ item }} state=present
  with_items:
  - openvpn
  tags:
  - openvpn
  - packages
  when: ansible_distribution_major_version|int < 8

- name: Install needed package (dnf)
  dnf: pkg={{ item }} state=present
  with_items:
  - openvpn
  tags:
  - openvpn
  - packages
  when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not defined

- name: Install certificate and key (rhel6 and fedora24 and older)
  copy: src={{ private }}/files/vpn/openvpn/keys/ca.crt
        dest=/etc/openvpn/ca.crt
        owner=root group=root mode=0600
  tags:
  - install
  - openvpn
  #notify:
  #- restart openvpn (Fedora)
  #- restart openvpn (RHEL7)
  #- restart openvpn (RHEL6)
  when: ansible_distribution_major_version|int < 25

- name: Install certificate and key (rhel7 or fedora) for client
  copy: src={{ private }}/files/vpn/openvpn/keys/ca.crt
        dest=/etc/openvpn/client/ca.crt
        owner=root group=root mode=0600
  tags:
  - install
  - openvpn
  #notify:
  #- restart openvpn (Fedora)
  #- restart openvpn (RHEL7)
  #- restart openvpn (RHEL6)
  when: ( ansible_distribution_major_version|int != 6 and ansible_distribution_major_version|int != 24 ) and ansible_cmdline.ostree is not defined

- name: Install certificate and key (rhel7 or fedora) for server
  copy: src={{ private }}/files/vpn/openvpn/keys/ca.crt
        dest=/etc/openvpn/server/ca.crt
        owner=root group=root mode=0600
  tags:
  - install
  - openvpn
  #notify:
  #- restart openvpn (Fedora)
  #- restart openvpn (RHEL7)
  #- restart openvpn (RHEL6)
  when: inventory_hostname.startswith('bastion0')

- name: install fix-routes.sh script
  copy: src=fix-routes.sh
        dest=/etc/openvpn/fix-routes.sh
        owner=root group=root mode=0755
  tags:
  - openvpn
